Reflecting on BSides Canberra 2023: Insights and Highlights from Mercury
This year’s BSides Canberra event drew in about 3,000 attendees across the cyber security industry and community. Vendor booths showcased the latest equipment, the competition hall provided opportunities to try ‘Capture the Flag’ events, and there was a lot of information about careers. The schedule also boasted various talks from industry leaders, many having prepared […]
Does your cybersecurity consultant have the right certifications?
The question of certification remains a topic of ongoing discussion. A recent announcement from the Australian Information Security Association (AISA) has especially reignited this debate, raising questions about the effectiveness of current certification models and whether certification increases the barriers to entry in the industry. In some cases, we have seen an indifference towards certifications not as […]
Navigating IRAP Assessment & Preparation: When they make sense and when they don’t
TL;DR: Cyber security is about more than ticking boxes. As cyber security threats and incidents have made headlines, many business leaders have focused on strengthening their defences. However, one mistake many people make is seeing cyber security as an exercise in ticking boxes. This is when IRAP assessments & preparation come into play. IRAP assessments […]
Breaking into Salesforce: Our experience with Penetration Testing
TL;DR- Pen testing Salesforce requires brains, not tools. For many companies, Salesforce has become the go-to platform for managing customer data. If it is also where your business stores confidential information, then you must do your part in strengthening the platform against threat actors. Whether your business has leveraged Salesforce for a while or recently […]
Optimising cloud security: How to strike a balance between cloud performance and cost
The cloud has become a critical part of modern businesses. It offers greater flexibility, scalability and cost savings than on-prem solutions. As the use of cloud services continues to grow, so do concerns over cloud security. If your company relies on data and applications entirely or even partially stored in the cloud, understanding appropriate security […]
STS (Securing the Simple)
Elias Ennebt So you just found out that your details have been breached, you’re hurt and furious. “How could this happen?” “Were they being cheap? Do they not care about me and my data?” The reality is that computers and the systems we rely on are extremely complex and fragile, and the world economy has […]
What happens when PII is left on an MFD?
Naima Hassen Staff are generally expected to use company equipment such as scanners, printers and even fax machines for exclusively work-related activities; however, that might not always be the case. I’ve been guilty of using staff equipment for personal reasons such as scanning government documents or printing out things for myself and even family members […]
Do you advertise or not advertise your clients in cybersecurity?
Edward Farrell Earlier this year we had a bit of an interesting predicament; A client had advertised that they’d used our services as a demonstration of their cyber security requirements. Whilst I am humbled by their gratitude towards our services, openly advertising our clients is not something we do. As cyber security firms, I contest […]
Insights: why threat model?
Edward Farrell Cybersecurity fundamentally boils down to one thing- the protection of systems (weather they are physical, digital or social) from loss, disclosure, disruption, theft, unauthorised access, modification and a raft of other concerns that impact organisations or our environments at large. Fundamentally we need to understand why and contextualise what is occurring, for which […]
For the Lulz: The risk of free domains (or why your old DNS provider needs to keep stuff registered)
Edward Farrell Our “for the lulz” series focuses on entertaining anecdotes with hopefully a serious lesson at the end. A good friend of mine who owns a small financial services firm called me a few months ago asking for a security assessment (at mates rates of course… everyone in IT, law and trades are expected […]